Is Apple's Snow Leopard as attack proof as the company believes? Probably not, but it does add some significant protections. Security companies, though, are coming out with criticism against Apple's efforts, in what seems a mix of sour grapes and legitimate points. (Source: Simple Thoughts -- Computer Security Blog)

Are security firms' Snow Leopard gripes legitimate or just sour grapes? The answer may be be that they are a bit of both..

Apple,
which has long lambasted Windows PCs as dangerously
insecure in its advertisements, brags that its new OS offers
unmatched protection against malware and cyber-attacks. It
points to hardware-based execution control for heap memory, stronger
checksums for preventing memory corruption attacks, and built in
antivirus protection -- dubbed XProtect -- as strong improvements in
its OS design.

Now security companies are responding
to Apple's boasts via blogs and emails that range from skeptical to
scathing.

Symantec was among the most critical,
stating, "It is not a full-featured antivirus solution and does
not have the ability to remove malware from the system. File
Quarantine is also signature-based only. Malware signatures are only
as good as the definitions, requiring Apple to provide regular,
timely updates."

The company points out that OS X's
Software Update is not fully automatic and that it does not inform
users what signatures have been downloaded, to indicate the current
level of protection. They also criticize that Apple's firewall
is turned off by default and lacks the configurability of most
third-party solutions. Also they point out that the OS provides
little to no protection against unauthorized access of sensitive
information on disc or for information being transmitted over
networks. Finally, they say that Apple's reliance on site lists
for its anti-phishing efforts make its blocking close to useless as
the attacking sites typically change on a daily basis.

Andrew
Storms, director of security operations at nCircle Network Security,
also criticized the new software. "It feels like they are just
trying to put a tic mark in the anti-malware compliance box for the
enterprise customers they are still trying to woo. So far, it
looks like a pretty 'featureless feature.' Compared to other third
party options, the functionality is pretty low. It's a lot like
getting a warranty on your car that only covers floor mats, " he
remarks.

He does
say that the changes are better than nothing, however. Apple
meanwhile, refused to directly respond or comment on the criticism
from security software vendors.

Security vendors will be
facing a double-whammy when Microsoft officially releases its more
full-featured security solution for Windows XP, Vista, and the new
Windows 7. Microsoft is set to drop this free security suite,
dubbed
Microsoft Security Essentials, before the end of the year.

"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs